Trusted computing

US 9,569,638 B2
Filed: 12/31/2014
Issued: 02/14/2017
Est. Priority Date: 12/31/2014
Status: Active Grant

First Claim

Patent Images

1. A trusted computing device, comprising:

an isolated environment comprising;

an isolated environment processor;

memory comprising a secure partition and a non-secure partition, the memory connected for data communication with the isolated environment processor; and

an auxiliary processor connected for data communication with the isolated environment processor and the memory,wherein the memory and the auxiliary processor communicate with a host only through the isolated environment processor;

a host interface connected for data communication with the isolated environment processor;

at least one secure interface, separate from the host interface and connected for data communication with the isolated environment processor; and

a computer program product comprising a non-transitory computer-readable media having computer-executable program instructions embodied thereon that, when executed by the trusted computing device, cause the trusted computing device to;

provision the trusted computing device for cryptographic operations via the at least one secure interface;

present a first file system partition at the host interface via the isolated environment processor, the first file system partition comprising a host write file and a host read file, wherein file creation and file deletion privileges are allocated only to the isolated environment processor;

present a non-secured second file system partition with access to the memory non-secure partition via the host interface via the isolated environment processor;

receive, via the host write file, requests to perform trusted computing in the isolated environment, the trusted computing comprising one or more of;

random number generation, append-only logging, monotonic counting, streaming encryption and decryption, bulk encryption and decryption, and isolated storage;

perform the requested trusted computing using at least one of the isolated environment processor, the memory secure partition and the auxiliary processor; and

write the trusted computing results to the host read-only file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trusted computing device (TCD) includes an isolated environment, host interface, secure interface, and program instructions. The environment includes an isolated environment processor (IEP), memory (secure and non-secure partition), and an auxiliary processor (AP). Memory and AP are connected for data communication with the IEP, and communicate with a host only through the IEP. The host interface and each secure interface are connected for data communication with the IEP. The instructions provision TCD for cryptographic operations via a secure interface; present a first file system partition comprising a write file and a read file with file creation/deletion privileges allocated only to the IEP at the host interface via the IEP; present a non-secured file system partition with access to the non-secure partition via the host interface via the IEP; receive, via the write file, requests to perform trusted computing; perform requested computing using the IEP, secure memory, and AP; and write results to the read file.

31 Citations

View as Search Results

20 Claims

1. A trusted computing device, comprising:
- an isolated environment comprising;
  
  an isolated environment processor;
  
  memory comprising a secure partition and a non-secure partition, the memory connected for data communication with the isolated environment processor; and
  
  an auxiliary processor connected for data communication with the isolated environment processor and the memory,wherein the memory and the auxiliary processor communicate with a host only through the isolated environment processor;
  
  a host interface connected for data communication with the isolated environment processor;
  
  at least one secure interface, separate from the host interface and connected for data communication with the isolated environment processor; and
  
  a computer program product comprising a non-transitory computer-readable media having computer-executable program instructions embodied thereon that, when executed by the trusted computing device, cause the trusted computing device to;
  
  provision the trusted computing device for cryptographic operations via the at least one secure interface;
  
  present a first file system partition at the host interface via the isolated environment processor, the first file system partition comprising a host write file and a host read file, wherein file creation and file deletion privileges are allocated only to the isolated environment processor;
  
  present a non-secured second file system partition with access to the memory non-secure partition via the host interface via the isolated environment processor;
  
  receive, via the host write file, requests to perform trusted computing in the isolated environment, the trusted computing comprising one or more of;
  
  random number generation, append-only logging, monotonic counting, streaming encryption and decryption, bulk encryption and decryption, and isolated storage;
  
  perform the requested trusted computing using at least one of the isolated environment processor, the memory secure partition and the auxiliary processor; and
  
  write the trusted computing results to the host read-only file.

2. A trusted computing system, comprising:
- a trusted computing device comprising;
  
  an isolated environment comprising;
  
  an isolated environment processor, andmemory comprising a secure partition and connected for data communication with the isolated environment processor, wherein the memory communicates with the host only through the isolated environment processor;
  
  a host interface connected for data communication with the isolated environment processor;
  
  at least one secure interface, the secure interface being separate from the host interface and being connected for data communication with the isolated environment processor; and
  
  a computer program product comprising a non-transitory computer-readable media having computer-executable program instructions embodied thereon that when executed by a computer cause the computer to;
  
  provision the trusted computing device for cryptographic operations via the at least one secure interfacepresent a first file system partition via the host interface from the isolated environment processor, the first file system partition comprising a host write file and a host read-only file;
  
  receive, via the host write file, requests to perform trusted computing in the isolated environment;
  
  to perform the requested trusted computing operations using the isolated environment processor and the memory secure partition; and
  
  write the secure operation results to the host read-only file.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 3. The trusted computing system of claim 2, wherein:
    - the memory further comprises a non-secure partition; and
      
      the computer-executable program instructions to further present an unsecured second file system partition with access to the memory non-secure partition via the host interface from the isolated environment processor.
  - 4. The trusted computing system of claim 2, wherein:
    - the isolated environment further comprises an auxiliary processor connected for data communication with the isolated environment processor and the memory; and
      
      the computer executable program instructions to further perform the requested secure operations using at least one of the isolated environment processor, the memory secure partition, and the auxiliary processor.
  - 5. The trusted computing system of claim 4, wherein:
    - the computer-executable program instructions requests to perform trusted computing in the isolated environment to further receive, via the host write file, requests to perform streaming encryption using the auxiliary processor, upon receipt of a request to perform streaming encryption.
  - 6. The trusted computing system of claim 2, wherein the at least one secure interface associated with computer executable program instructions to provision the computing device for cryptographic operations is a Joint Test Action Group (JTAG) interface.
  - 7. The trusted computing system of claim 2, wherein:
    - the trusted computing device further comprises at least one secure interface, the secure interface being separate from the host interface and being connected for data communication with the isolated environment processor; and
      
      the computer executable program instructions to further execute a challenge-response authentication protocol via the at least one secure interface as a condition precedent to performing at least one trusted computing activity in the isolated environment.
  - 8. The trusted computing system of claim 7, wherein the secure interface is responsive to a user touch, and the required response of the challenge response protocol is a user touch.
  - 9. The trusted computing system of claim 7, further comprising a user interface device in data communication with the isolated environment via the at least one secure interface, the user interface device being responsive to a user touch, and the required response of the challenge response protocol being a user touch to the remote user interface.
  - 10. The trusted computing system of claim 9, wherein the data communication link between the remote user input device and the at least one secure interface comprises a near field communication (NFC) link.
  - 11. The trusted computing system of claim 2, wherein the memory comprises flash memory.
  - 12. The trusted computing system of claim 11, wherein the trusted computing device is form-compatible and function-compatible with the micro Secure Digital (microSD) nonvolatile memory card standard.
  - 13. The trusted computing system of claim 2, wherein first file system partition is compatible with a File Allocation Table (FAT) computer file system architecture.
  - 14. The trusted computing system of claim 13, wherein all blocks in the first file system partition, except for the blocks used for the read-only file and the write file, are marked as bad.
  - 15. The trusted computing system of claim 2, wherein trusted computing comprises data serialization and data deserialization.

16. A method to perform trusted computing, comprising:
- providing a trusted computing device, comprising,an isolated environment comprising;
  
  an isolated environment processor, andmemory comprising a secure partition and connected for data communication with the isolated environment processor, wherein the memory communicates with the host only through the isolated environment processor;
  
  a host interface connected for data communication with the isolated environment processor;
  
  at least one secure interface, the secure interface being separate from the host interface and being connected for data communication with the isolated environment processor; and
  
  a computer program product comprising a non-transitory computer-readable media having computer-executable program instructions embodied thereon that when executed by a computer cause the computer to;
  
  provision the trusted computing device for cryptographic operations via the at least one secure interfacepresent a first file system partition via the host interface from the isolated environment processor, the first file system partition comprising a host write file and a host read-only file;
  
  receive, via the host write file, requests to perform trusted computing in the isolated environment;
  
  to perform the requested trusted computing operations using the isolated environment processor and the memory secure partition; and
  
  write the secure operation results to the host read-only file.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein:
    - the memory further comprises a non-secure partition; and
      
      the computer-executable program instructions to further present an unsecured second file system partition with access to the memory non-secure partition via the host interface from the isolated environment processor.
  - 18. The method of claim 16, wherein:
    - the isolated environment further comprises an auxiliary processor connected for data communication with the isolated environment processor and the memory; and
      
      the computer executable program instructions to further perform the requested secure operations using at least one of the isolated environment processor, the memory secure partition, and the auxiliary processor.
  - 19. The method of claim 18, wherein:
    - the computer-executable program instructions requests to perform trusted computing in the isolated environment to further receive, via the host write file, requests to perform streaming encryption using the auxiliary processor, upon receipt of a request to perform streaming encryption.
  - 20. The method of claim 16, wherein the at least one secure interface associated with computer executable program instructions to provision the computing device for cryptographic operations is a Joint Test Action Group (JTAG) interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Zatko, Peiter Charles, Rizzo, Dominic
Primary Examiner(s)
Vaughan, Michael R
Assistant Examiner(s)
CATTUNGAL, DEREENA T

Application Number

US14/587,551
Publication Number

US 20160188909A1
Time in Patent Office

776 Days
Field of Search

726/22, 713/193
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/35   communicating wirelessly

G06F 21/6218   to a system of files or obj...

G06F 21/71   to assure secure computing ...

G06F 21/74   operating in dual or compar...

G06F 21/79   in semiconductor storage me...

G06F 2221/2103   Challenge-response

G06F 3/041   Digitisers, e.g. for touch ...

H04L 63/0428   wherein the data content is...

Trusted computing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted computing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links